Fix for bug 534362 (Allow modifications to Location.prototype). r=mrbkap.
authorPeter Van der Beken <peterv@propagandism.org>
Sun, 13 Dec 2009 16:57:08 -0800
changeset 35708 1c53517269200bd7436b7f15c04ef0dfdc1c45d0
parent 35707 4700e3c42868ce50db87ded6c7508a54a8043d13
child 35709 50cc41c7a17698106e4c8320cee3f49d5b29a34b
push id10687
push userpvanderbeken@mozilla.com
push dateMon, 14 Dec 2009 05:10:28 +0000
treeherdermozilla-central@8f6bdbf8e701 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmrbkap
bugs534362
milestone1.9.3a1pre
Fix for bug 534362 (Allow modifications to Location.prototype). r=mrbkap.
dom/base/nsDOMClassInfo.cpp
dom/tests/mochitest/bugs/Makefile.in
dom/tests/mochitest/bugs/iframe_bug534362.html
dom/tests/mochitest/bugs/test_bug534362.html
--- a/dom/base/nsDOMClassInfo.cpp
+++ b/dom/base/nsDOMClassInfo.cpp
@@ -578,21 +578,18 @@ static nsDOMClassInfoData sClassInfoData
   // that are implemented by nsGlobalWindow can securely be exposed
   // to JS.
 
 
   NS_DEFINE_CLASSINFO_DATA(Window, nsWindowSH,
                            DEFAULT_SCRIPTABLE_FLAGS |
                            WINDOW_SCRIPTABLE_FLAGS)
 
-  // Don't allow modifications to Location.prototype
   NS_DEFINE_CLASSINFO_DATA(Location, nsLocationSH,
-                           (DOM_DEFAULT_SCRIPTABLE_FLAGS |
-                            nsIXPCScriptable::WANT_PRECREATE) &
-                           ~nsIXPCScriptable::ALLOW_PROP_MODS_TO_PROTOTYPE)
+                           DOM_DEFAULT_SCRIPTABLE_FLAGS)
 
   NS_DEFINE_CLASSINFO_DATA(Navigator, nsNavigatorSH,
                            DOM_DEFAULT_SCRIPTABLE_FLAGS |
                            nsIXPCScriptable::WANT_PRECREATE)
   NS_DEFINE_CLASSINFO_DATA(Plugin, nsPluginSH,
                            ARRAY_SCRIPTABLE_FLAGS)
   NS_DEFINE_CLASSINFO_DATA(PluginArray, nsPluginArraySH,
                            ARRAY_SCRIPTABLE_FLAGS)
--- a/dom/tests/mochitest/bugs/Makefile.in
+++ b/dom/tests/mochitest/bugs/Makefile.in
@@ -101,12 +101,14 @@ include $(topsrcdir)/config/rules.mk
 		test_bug495219.html \
 		test_bug504862.html \
 		file_bug504862.html \
 		test_bug260264.html \
 		test_bug260264_nested.html \
 		child_bug260264.html \
 		grandchild_bug260264.html \
 		utils_bug260264.js \
+		test_bug534362.html \
+		iframe_bug534362.html \
 		$(NULL)
 
 libs:: 	$(_TEST_FILES)
 	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/bugs/iframe_bug534362.html
@@ -0,0 +1,19 @@
+<html>
+<head>
+	<title>Iframe test for bug 534362</title>
+</head>
+<body">
+<script>
+function locationSetter(_href)
+{
+  netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+  parent.setterCalled = true;
+};
+
+netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+parent.setterCalled = false;
+location.__proto__.href setter = locationSetter;
+location.href = "javascript:";
+</script>
+</body>
+</html>
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/bugs/test_bug534362.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=534362
+-->
+<head>
+  <title>Test for Bug 534362</title>
+  <script type="application/javascript" src="/MochiKit/packed.js"></script>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=534362">Mozilla Bug 534362</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+  <iframe src="http://example.org/tests/dom/tests/mochitest/bugs/iframe_bug534362.html" name="testFrame" onload="changeLocation();"></iframe>
+</div>
+<pre id="test">
+<script type="application/javascript">
+
+/** Test for Bug 534362 **/
+
+function checkSetterCalled(called, shouldCall)
+{
+  is(called, shouldCall, "Setter " + (called ? "" : "not ") + "called.");
+  if (!shouldCall) {
+    top.SimpleTest.finish();
+  }
+}
+
+function changeLocation()
+{
+  checkSetterCalled(setterCalled, true);
+  setterCalled = false;
+  frames["testFrame"].location.href = "javascript:";
+  checkSetterCalled(setterCalled, false);
+}
+
+SimpleTest.waitForExplicitFinish();
+
+</script>
+</pre>
+</body>
+</html>